Forget hackers, watch out for your employees

Intentional, but non-malicious acts are often the cause of privacy failures.

Shares

Organisations should be fearing their own employees more than hackers, a new report says, because it's the employees who are putting the company at so much more cybersecurity risk. This is according to a report by CEB, a best practice insight and technology company. Hackers might be a problem, but not complying with privacy policies and moving files outside the company-controlled network is a much bigger issue.

But employees are doing it all the time, mostly because they find it convenient. Every year, the average Fortune 1000 company spends roughly £325,000, notifying customers and employees about privacy failures. The worst part is – these are just reported failures, the report says, suggesting there is probably a significant amount of those that go unnoticed. Employee actions (intentional, but not malicious) account for almost half (45 per cent) of internal privacy failures.

“Investing in technology to improve security is essential, however organisations also need to ensure that employees are doing their part to protect sensitive information.” “Employees will often work around controls – especially ones they feel are onerous – as a way to make their job easier,” said Lee.

“This ’rationalised noncompliance’ can not only increase privacy risks, but even jeopardise corporate strategy and ultimately growth. Establishing a more balanced approach to information governance – one that complements technological controls with prudent and relevant privacy policies that employees can easily follow – will allow companies to effectively use the information they collect and protect against a damaging data breach.”

CEB suggests organisations should avoid collecting unnecessary data and build privacy into business workflows, making it easier for employees to comply with the requirements.